Here is some good news for people who are looking for WCF Security guidance. The Microsoft Patterns and Practices team has just created the following blog for this:

http://blogs.msdn.com/jmeier/archive/2008/03/27/patterns-and-practices-wcf-security-guidance-now-available.aspx

Here is their root page:

http://www.codeplex.com/WCFSecurity/